The gathered data gave Appthority insight into the most popular apps that employees install on work devices or on personal devices that they bring into enterprise networks via bring-your-own-device (BYOD), choose-your-own-device (CYOD) and corporate-owned, personally-enabled (COPE) policies.

According to Appthority, Uber, The Yellow Pages, and Facebook were the top three most popular apps installed on Android devices, while WhatsApp, Facebook Messenger, and Uber were the most popular apps on iOS.

Malware vectors, privacy leak risk apps top blacklisted chart

In addition to the most installed apps, Appthority also had insight into applications blacklisted based on company-wide policies. These apps were blacklisted because of known vulnerabilities, potential leaks of sensitive data, or for being known malware infection vectors.

For example, the most blacklisted app on Android devices that are part of enterprise networks was an app named Poot-debug(W100).apk, a known rooting toolkit that is part of many malware-infected applications.

In fact, eight of the top 10 blacklisted apps on Android were known malware vectors, whereas on iOS, apps deemed a privacy risk dominated the top 10.

These iOS apps in the Appthority list are all known to collect and send user information to external servers. Collected data includes SMS messages, contact lists, location information, and more.

Companies dealing with sensitive business information find such apps to be a real risk; hence the reason most of them have been added to corporate blacklists.

Most apps collect and send data to US-based servers

In addition to documenting blacklisted apps that collect user data, Appthority also tracked where this information was being sent.

Surprisingly, most of the data didn't go to China, as many expected, but to the US, which led the ranking on both Android and iOS. As for China, it ranked only 8th in the Android list and 10th in the iOS ranking.

The results should be taken with a grain of salt, but the findings should serve as a guide and reminder for security teams to assess the dangers that come with deploying a BYOD, CYOD, or COPE policy, and the need to blacklist applications so they cannot function while on work networks or on company-provided devices.

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.

Comments

I think most enterprise IT departments could see nothing but trouble with BYODs; but their advice was ignored or overruled. You can't start with a consumer product, and expect to turn it into a safe for business tool via policies; especially if it's out of your control 16 hours out of every 24.

BYOD is about on level with making every day: Bring Your Child to Work - Day.